The HHS Office of National Coordinator (ONC) hosted a well-attended Annual Meeting this week. It’s a critical time for HHS because regulations authorized under the almost unanimous bi-partisan 21stC Cures Act, three and a half years in the making, are now facing intense political pressure for further delay or outright nullification. HHS pulled out all of the stops to promote their as yet unseen work product.
Myself and other patient advocates benefited from the all-out push by ONC. We were given prominent spots on the plenary panels, for which we are grateful to ONC. This post summarizes my impressions on three topics discussed both on-stage and off:
Patient Matching and Unique Patient Identifiers (UPI)
Reaction to Judy Faulkner’s Threats
Consumer App Access and Safety
Each of these represents a different aspect of the strategic interests at work to sideline patient-centered practices that might threaten the current $Trillion of waste.
The patient ID plenary panel opened the meeting. It was a well designed opportunity for experts to present their perspectives on a seemingly endless debate. Here’s a brief report. My comments were a privacy perspective on patient matching, UPI, and the potential role of self-sovereign identity (SSI) as a new UPI technology. The questions and Twitter about my comments after the panel showed specific interest in:
The similarity of “enhanced” surveillance for patient matching to the Chinese social credit scoring system.
The suggestion that we already have very useful UPIs in the form of email address and mobile phone numbers that could have been adopted in the marketplace, but are not, for what I euphemistically called “strategic interests”.
The promise of SSI as better and more privacy preserving UPIs that might still be ignored by the same strategic interests.
The observation that a consent-based health information exchange does not need either patient matching or UPIs.
We begin by commending HHS, CMS, and ONC for skillfully addressing the pro-competitive and innovative essentials in crafting this Rule and the related materials. However, regulatory capture threatens to derail effective implementation of the rule unless HHS takes further action on the standards.
Regulatory capture in Wikipedia begins:
“Regulatory capture is a form of government failure which occurs when a regulatory agency, created to act in the public interest, instead advances the commercial or political concerns of special interest groups that dominate the industry or sector it is charged with regulating. When regulatory capture occurs, the interests of firms, organizations, or political groups are prioritized over the interests of the public, leading to a net loss for society. Government agencies suffering regulatory capture are called “captured agencies.” (end of Wikipedia quotation.)
The extent to which HHS has allowed itself to be influenced by special interests is not the subject of this comment. This comment is just about how HHS and the Federal Health Architecture can act to more effectively implement the sense of Congress in the 21st Century Cures Act.
The 2016 21st Century CURES Act is the law. It is built around two phrases: “information blocking” and “without special effort” that give the administration tremendous power to regulate anti-competitive behavior in the health information sector. The resulting draft regulation, February’s Notice of Proposed Rulemaking (NPRM) is a breakthrough attempt to bend the healthcare cost curve through patient empowerment and competition. It could be the last best chance to avoid a $6 Trillion, 20% of GDP future without introducing strict price controls.
This post highlights patient-directed access as the essential pro-competition aspect of the NPRM which allows the patient’s data to follow the patient to any service, any physician, any caregiver, anywhere in the country or in the world.
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have published proposed final rules on interoperability and data blocking as part of implementing the 21st Century Cures act. In this series we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex, controversial topics, and open to interpretation, we invite readers to respond with their own ideas, corrections, and opinions.
Health IT 1.0, the basic digitalization of health care, succeeded in getting health care to stop using pens and start using keyboards. Now, Health IT 2.0 is emerging and will build on this foundation by providing better, more diverse applications. Health care is following the example set by the rest of the modern digital economy and starting to leverage existing monolithic applications like electronic health records (EHRs) to create platforms that support a robust application ecosystem. Think “App Store” for healthcare and you can see where we are headed.
This is why interoperability and data blocking are two of the biggest issues in health IT today. Interoperability – the ability of applications to connect to the health IT ecosystem, exchange data and collaborate – is a key driver of the pace and breadth of innovation. Free flowing, rich clinical data sets are essential to building powerful, user-friendly applications. Making it easy to install or switch applications reduces the cost of deployment and fosters healthy competition. Conversely, when data exchange is restricted (data blocking) or integration is difficult, innovation is stifled.
Given the importance of health IT in enabling the larger transformation of our health system, the stakes could hardly be higher. Congress recognized this when it passed the 21st Century Cures Act in 2016. Title IV of the act contains specific provisions designed to “advance interoperability and support the access, exchange, and use of electronic health information; and address occurrences of information blocking”. In February 2019, ONC and CMS simultaneously published proposed rules to implement these provisions.
The original sin of health records interoperability was the loss of consent in HIPAA. In 2000, when HIPAA (Health Insurance Portability and Accountability Act) first became law, the Internet was hardly a thing in healthcare. The Nationwide Health Information Network (NHIN) was not a thing until 2004. 2009 brought us the HITECH Act and Meaningful Use and 2016 brought the 21st Century Cures Act with “information blocking” as clear evidence of bipartisan frustration. Cures, in 2018, begat TEFCA, the draft Trusted Exchange Framework and Common Agreement. The next update to the draft TEFCA is expected before 2019 which is also the year that Meaningful Use Stage 3 goes into effect.
Over nearly two decades of intense computing growth, the one thing that has remained constant in healthcare interoperability is a strategy built on keeping patient consent out of the solution space. The 2018 TEFCA draft is still designed around HIPAA and ongoing legislative activity in Washington seeks further erosion of patient consent through the elimination of the 42CFR Part 2 protections that currently apply to sensitive health data like behavioral health.
The futility of patient matching without consent parallels the futility of large-scale interoperability without consent. The lack of progress in patient matching was most recently chronicled by Pew through a survey and a Pew-funded RAND report. The Pew survey was extensive and the references cite the significant prior efforts including a 100-expert review by ONC in 2014 and the $1 million CHIME challenge in 2017 that was suspended – clear evidence of futility.
Jessica DaMassa cracks her whip and in just 2 minutes gets answers out of me about the bidding for #athenahealth, the new clinics at #Amazon, the #FDA approving #NaturalCycles as a contraceptive, and the tech giants getting on stage unprompted at ONC’s Blue Button 2.0 day to tell the world that they are going to fix the interoperability problem. Oh, and a shout out to THCB’s 15th birthday–Matthew Holt
The focus on the CMS rules on information blocking continues on THCB. We’ve heard from Adrian Gropper & Deborah Peel at Patients Privacy Rights, and from e-Patient Dave at SPM and Michael Millenson. Now Adrian Gropper summarizes — and in an linked article –notates on the American Hospital Association’s somewhat opposite perspective–Matthew Holt
It’s “all hands on deck” for hospitals as CMS ponders the definition and remedies for 21st Century Cures Act information blocking.
This annotated excerpt from the recent public comments on CMS–1694–P, Medicare Program; Hospital Inpatient Prospective Payment Systems… analyzes the hospital strategy and exposes a campaign of FUD to derail HHS efforts toward a more patient-centered health records infrastructure.
Simply put, patient-directed health records sharing threatens the strategic manipulation of interoperability. When records are shared without patient consent under the HIPAA Treatment, Payment and Operations the hospital has almost total control.Continue reading…
Executive Summary of PPR Comments on Information Blocking
Information blocking is a multi-faceted problem that has proved resistant to over a decade of regulatory and market-based intervention. As Dr. Rucker said on June 19, “Health care providers and technology developers may have powerful economic incentives not to share electronic health information and to slow progress towards greater data liquidity.” Because it involves technology standards controlled by industry incumbents, solving this problem cannot be done by regulation alone. It will require the coordinated application of the “power of the purse” held by CMS, VA, and NIH.
PPR believes that the 21st Century Cures Act and HIPAA provide sufficient authority to solve interoperability on a meaningful scale as long as we avoid framing the problem in ways that have already been shown to fail such as “patient matching” and “trust federations”. These wicked problems are an institutional framing of the interoperability issue. The new, patient-centered framing is now being championed by CMS Administrator Verma and ONC Coordinator Rucker is a welcome path forward and a foundation to build upon.
To help understand the detailed comments below, consider the Application Programming Interface (API) policy and technology options according to two dimensions:
API Content and Security
Institution is Accountable
Patient is Accountable
API Security and Privacy
Broad, prior consent
Known to the practice
API Content / Data Model
Designated record set
Bulk (multi-patient) data
Designated record set
Wearables and monitors
This table highlights the features and benefits of interoperability based on institutional or individual accountability. This is not an either-or choice. The main point of our comments is that a patient-centered vision by HHS must put patient accountability on an equal footing with institutional accountability and ensure that Open APIs are accessible to patient-directed interoperability “without special effort” first, even as we continue to struggle with wicked problems of national-scale patient matching and national-scale trust federations.
Here are our detailed comments inline with the CMS questions in bold:Continue reading…
Let’s give the Office of the National Coordinator (ONC) credit for trying. In what’s arguably the first significant piece of policymaking, the newly Republican HHS issued a draft Trusted Exchange Framework and Common Agreement (TEFCA) that aims to implement the massively bipartisan 21st Century Cures act mandate to end information blocking. Are they succeeding?
Why should you care? After almost a decade and many tens of $billions spent on health information technology, neither physicians nor patients have access to a longitudinal health record, transparency of quality or cost, access to independent decision support, or even the ability to know what their out-of-pocket cost is going to be. After eight years of regulation, precious little benefit has trickled-down to patients and physicians. This post looks at the TEFCA proposal from the patient experience perspective.
The patient perspective matters because, under HIPAA, patients do not have choice about how our data is accessed or used. This has led to information blocking as hospitals and EHR vendors slow-walk the ability of patients to direct data to information services we choose. Patients lost the “right of consent” in 2002. This puts a regulation-shy administration in a quandary: How do they regulate to implement Cures, when current HIPAA and HITECH-era regulations give all of the power to provider institutions bent on locking-in patients as key to value-based compensation?
On July 24, the new administration kicked off their version of interoperability work with a public meeting of the incumbent trust brokers. They invited the usual suspects Carequality, CARIN Alliance, CommonWell, Digital Bridge, DirectTrust, eHealth Exchange, NATE, and SHIEC with the goal of driving for an understanding of how these groups will work with each other to solve information blocking and longitudinal health records as mandated by the 21st Century Cures Act.
Of the 8 would-be trust brokers, some go back to 2008 but only one is contemporary to the 21stCC act: The CARIN Alliance. The growing list of trust brokers over our decade of digital health tracks with the growing frustration of physicians, patients, and Congress over information blocking, but is there causation beyond just correlation?
One way to get data to move is open APIs, which the 21st Century Cures Act mandates by tasking EHR vendors to open up patient data “without special effort, through the use of application programming interfaces.”